Security News > 2020 > September > Unprotected Server Leaks Data of Microsoft Bing Mobile App Users
WizCase experts have identified an unprotected Elasticsearch server that contained terabytes of data pertaining to users of Microsoft's Bing mobile application.
White hat hacker Ata Hakcil, who identified the leak, was able to confirm that the Elasticsearch server belonged to Microsoft's Bing mobile app by installing the application and running a search for WizCase.
The exposed server was designed to log data related to the Android and iOS Bing mobile applications.
"Based on the sheer amount of data, it is safe to speculate that anyone who has made a Bing search with the mobile app while the server has been exposed is at risk. We saw records of people searching from more than 70 countries," the experts say.
Responding to a SecurityWeek inquiry, a Microsoft spokesperson confirmed the incident: "We've fixed a misconfiguration that caused a small amount of search query data to be exposed. After analysis, we've determined that the exposed data was limited and de-identified."
News URL
Related news
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)